Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-12598 |
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. Published: August 06, 2017; 9:29:00 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-12597 |
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. Published: August 06, 2017; 9:29:00 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-12562 |
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Published: August 05, 2017; 1:29:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-12424 |
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. Published: August 04, 2017; 5:29:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-11334 |
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. Published: August 02, 2017; 3:29:00 PM -0400 |
V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2017-10806 |
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. Published: August 02, 2017; 3:29:00 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-10664 |
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. Published: August 02, 2017; 3:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-11714 |
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. Published: July 28, 2017; 1:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-8743 |
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. Published: July 27, 2017; 5:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-9835 |
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. Published: July 26, 2017; 3:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-9739 |
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Published: July 26, 2017; 3:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-9727 |
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Published: July 26, 2017; 3:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-9726 |
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Published: July 26, 2017; 3:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-9612 |
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. Published: July 26, 2017; 3:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-9611 |
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Published: July 26, 2017; 3:29:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-9233 |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. Published: July 25, 2017; 4:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-11434 |
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. Published: July 25, 2017; 2:29:01 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2015-7703 |
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. Published: July 24, 2017; 10:29:00 AM -0400 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2017-11521 |
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. Published: July 22, 2017; 2:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-11450 |
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. Published: July 19, 2017; 3:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |